diff --git a/README.md b/README.md
index a1703281926b7f27b4613762d5c2955edc11e764..8c87598b8c65751ca4c967a45a4b3619250e7b74 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,40 @@
 [nuclei](https://docs.projectdiscovery.io/tools/nuclei/overview) templates
 for testing SAML service providers.
 
+## Background
+
+The goal of these templates is to test SAML authentication between a SP (the target) and a conformance IdP (see below).
+
+There are two ways to start the authentication:
+
+1. IdP-initiated, starts by redirecting to an endpoint of the conformance IdP
+1. SP-initiated (the most common), which usually starts at the SP by clicking a "login" button, accessing a protected page etc.
+
+The IdP-initiated login is easier to automate, because the endpoint is known, but this produces *unsolicited* authentication responses, which some SPs might reject.
+
+SP-initiated login can have many forms, but some of them are more or less standardized:
+
+### Service Provider Request Initiation Protocol
+
+[Service Provider Request Initiation Protocol](https://docs.oasis-open.org/security/saml/Post2.0/sstc-request-initiation.html) can be used to start login with a specific IdP (it is as easy as with IdP-initiated login)
+
+> there are about 50 universally looking paths to this endpoint in eduGAIN, most of them are Shibboleth SPs (SimpleSAMLphp does not have this, neither does SATOSA; Keycloak embeds a realm in the URLs so they cannot be guessed)
+
+### Discovery response endpoint
+
+[Identity Provider Discovery Service](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf) response endpoint can be used to pretend that a user has selected a specific IdP (unsolicited message to this endpoint),
+that should also trigger an SP-initiated login.
+
+> there are about 90 universally looking paths to this endpoint in eduGAIN - Shibboleth SPs, SimpleSAMLphp, SATOSA and more
+
+### SP-specific login page/button
+
+If neither of these previously mentioned endpoints are available, we can try to find a login page and click a login button, for example:
+
+* a generic template which will assume that the button is on the home page ("/") and it has the words "log in" or "sign in" on it, and it is a link which will directly select the conformance IdP
+  * this can be further extended to be able to bypass well-known discovery services by performing the selection of conformance IdP on the DS (only applicable if the conformance IdP is going to be in the DS)
+* a SP-specific template for SP-specific behavior
+
 ## Requirements
 
 ### nuclei